
Signature validation

The purpose of this value is to protect the integrity of the response received. It is a Base64-encoded string found in the "signature" field of the response generated by the library. In the JSON representation of the response object, the field appears as follows:

Apply this signature validation process only when the value of the "paymentResult.code" field is neither "021" nor "COMMUNICATION_ERROR".

{
  "code": "00",
  "message": "OK",
  "messageUser": "Operación exitosa",
  "messageUserEng": "Successful",
  "response": {
    "payMethod": "CARD",
    "order": [
      {
        "payMethodAuthorization": "CARD",
        "codeAuth": "S93925",
        "currency": "PEN",
        "amount": "1.00",
        "installment": "00",
        "deferred": "0",
        "orderNumber": "7676794",
        "stateMessage": "Autorizado",
        "dateTransaction": "20240307",
        "timeTransaction": "111451",
        "uniqueId": "1286134",
        "referenceNumber": "7000000"
      }
    ],
    "card": {
      "brand": "VS",
      "pan": "497010******0055",
      "save": "false"
    },
    "billing": {
      "firstName": "Juan",
      "lastName": "Wick Quispe",
      "email": "jwickq@izi.com",
      "phoneNumber": "989339999",
      "street": "calle el demo sdk",
      "city": "lima",
      "state": "lima",
      "country": "PE",
      "postalCode": "00001",
      "documentType": "DNI",
      "document": "12345678",
      "companyName": ""
    },
    "merchant": {
      "merchantCode": "4075169",
      "facilitatorCode": ""
    },
    "token": {
      "merchantBuyerId": "enriquepariascauser",
      "cardToken": "",
      "alias": ""
    },
    "authentication": {
      "result": ""
    },
    "customFields": [
      "",
      "",
      "",
      "",
      "",
      "",
      "",
      "",
      "",
      ""
    ]
  },
  "payloadHttp": "{\"code\":\"00\",\"message\":\"OK\",\"messageUser\":\"Operación exitosa\",\"messageUserEng\":\"Successful\",\"transactionId\":\"557763479\",\"response\":{\"payMethod\":\"CARD\",\"order\":[{\"payMethodAuthorization\":\"CARD\",\"codeAuth\":\"S93925\",\"currency\":\"PEN\",\"amount\":\"1.00\",\"installment\":\"00\",\"deferred\":\"0\",\"orderNumber\":\"7676794\",\"stateMessage\":\"Autorizado\",\"dateTransaction\":\"20240307\",\"timeTransaction\":\"111451\",\"uniqueId\":\"1286134\",\"referenceNumber\":\"7000000\"}],\"card\":{\"brand\":\"VS\",\"pan\":\"497010******0055\",\"save\":\"false\"},\"billing\":{\"firstName\":\"Juan\",\"lastName\":\"Wick Quispe\",\"email\":\"jwickq@izi.com\",\"phoneNumber\":\"989339999\",\"street\":\"calle el demo sdk\",\"city\":\"lima\",\"state\":\"lima\",\"country\":\"PE\",\"postalCode\":\"00001\",\"documentType\":\"DNI\",\"document\":\"12345678\",\"companyName\":\"\"},\"merchant\":{\"merchantCode\":\"4075169\",\"facilitatorCode\":\"\"},\"token\":{\"merchantBuyerId\":\"enriquepariascauser\",\"cardToken\":\"\",\"alias\":\"\"},\"authentication\":{\"result\":\"\"},\"customFields\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"]}}",
  "signature": "0rlf7ASjgBBfVu1XB1PcnvMPvV6wFVEL/P8BgbbtRSY=",
  "transactionId": "557763479"
}

To validate the signature, follow these steps:

  • Read the payload value from the paymentResult.response.payloadHttp attribute (see step 5 of the Integration with Android section).
  • Use HMAC-SHA256 to generate a hash of the payload value, using the claveHash as the secretKey (see the Parameter definition section).
  • Compare the result with the signature; if they are equal, the integrity of the message is guaranteed.

Here is an example of how to validate the signature in Kotlin:

import java.nio.charset.StandardCharsets
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

fun main() {
    // Raw payloadHttp string exactly as received; it must not be re-serialized before hashing.
    val payload = "{\"code\":\"00\",\"message\":\"OK\",\"messageUser\":\"Operación exitosa\",\"messageUserEng\":\"Successful\",\"transactionId\":\"557763479\",\"response\":{\"payMethod\":\"CARD\",\"order\":[{\"payMethodAuthorization\":\"CARD\",\"codeAuth\":\"S93925\",\"currency\":\"PEN\",\"amount\":\"1.00\",\"installment\":\"00\",\"deferred\":\"0\",\"orderNumber\":\"7676794\",\"stateMessage\":\"Autorizado\",\"dateTransaction\":\"20240307\",\"timeTransaction\":\"111451\",\"uniqueId\":\"1286134\",\"referenceNumber\":\"7000000\"}],\"card\":{\"brand\":\"VS\",\"pan\":\"497010******0055\",\"save\":\"false\"},\"billing\":{\"firstName\":\"enrique\",\"lastName\":\"pariasca\",\"email\":\"enrique.pariasca@izitest.pe\",\"phoneNumber\":\"989339999\",\"street\":\"calle el demo sdk\",\"city\":\"lima\",\"state\":\"lima\",\"country\":\"PE\",\"postalCode\":\"00001\",\"documentType\":\"DNI\",\"document\":\"12345678\",\"companyName\":\"\"},\"merchant\":{\"merchantCode\":\"4075169\",\"facilitatorCode\":\"\"},\"token\":{\"merchantBuyerId\":\"enriquepariascauser\",\"cardToken\":\"\",\"alias\":\"\"},\"authentication\":{\"result\":\"\"},\"customFields\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"]}}"
    val keyHash = "Xom5Hlt9eSWoylYuBrenIbOsTljEdefR"
    val signature = "0rlf7ASjgBBfVu1XB1PcnvMPvV6wFVEL/P8BgbbtRSY="
    val isValid = checkSignature(payload, keyHash, signature)
    println("La firma es válida: $isValid")
}

fun checkSignature(payload: String, keyHash: String, signature: String): Boolean {
    // Without a key there is nothing to verify against, so reject.
    if (keyHash.isEmpty()) {
        return false
    }

    // HMAC-SHA256 over the UTF-8 bytes of the payload, keyed with the claveHash.
    val keySpec = SecretKeySpec(keyHash.toByteArray(StandardCharsets.UTF_8), "HmacSHA256")
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(keySpec)
    val hashBytes = mac.doFinal(payload.toByteArray(StandardCharsets.UTF_8))
    val computedSignature = Base64.getEncoder().encodeToString(hashBytes)

    // Constant-time comparison, so the check does not reveal how many leading characters match.
    return MessageDigest.isEqual(
        signature.toByteArray(StandardCharsets.UTF_8),
        computedSignature.toByteArray(StandardCharsets.UTF_8)
    )
}
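
The steps above combined with the rule on "paymentResult.code", as an added example that is not part of the original page or of the SDK. PaymentResult, SignatureCheck and verifyPaymentResult are hypothetical names, and the key and payload are constructed demo values whose signature is computed inside the example rather than taken from a real transaction.

```kotlin
import java.nio.charset.StandardCharsets
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

enum class SignatureCheck { VALID, INVALID, NOT_APPLICABLE }

// Hypothetical holder for the three response fields the check needs.
data class PaymentResult(val code: String, val payloadHttp: String?, val signature: String?)

fun hmacSha256Base64(data: String, key: String): String {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(SecretKeySpec(key.toByteArray(StandardCharsets.UTF_8), "HmacSHA256"))
    return Base64.getEncoder().encodeToString(mac.doFinal(data.toByteArray(StandardCharsets.UTF_8)))
}

fun verifyPaymentResult(result: PaymentResult, keyHash: String): SignatureCheck {
    // The page applies signature validation only outside these two codes.
    if (result.code == "021" || result.code == "COMMUNICATION_ERROR") {
        return SignatureCheck.NOT_APPLICABLE
    }
    // Fail closed: a missing key, payload or signature is never treated as valid.
    if (keyHash.isEmpty()) return SignatureCheck.INVALID
    val payload = result.payloadHttp?.takeIf { it.isNotEmpty() } ?: return SignatureCheck.INVALID
    val signature = result.signature?.takeIf { it.isNotEmpty() } ?: return SignatureCheck.INVALID

    // Hash the payloadHttp string exactly as received, then compare in constant time.
    val expected = hmacSha256Base64(payload, keyHash)
    val matches = MessageDigest.isEqual(
        expected.toByteArray(StandardCharsets.UTF_8),
        signature.toByteArray(StandardCharsets.UTF_8)
    )
    return if (matches) SignatureCheck.VALID else SignatureCheck.INVALID
}

fun main() {
    val key = "constructed-demo-key"                          // constructed, not a real claveHash
    val payload = "{\"code\":\"00\",\"amount\":\"1.00\"}"     // constructed payloadHttp
    val genuine = PaymentResult("00", payload, hmacSha256Base64(payload, key))
    val tampered = genuine.copy(payloadHttp = payload.replace("1.00", "9.00"))
    val unsigned = genuine.copy(signature = null)
    val commError = PaymentResult("COMMUNICATION_ERROR", null, null)

    println("genuine:   ${verifyPaymentResult(genuine, key)}")
    println("tampered:  ${verifyPaymentResult(tampered, key)}")
    println("unsigned:  ${verifyPaymentResult(unsigned, key)}")
    println("commError: ${verifyPaymentResult(commError, key)}")
}
```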